Friday, July 24, 2009

2nd Circuit: Computer Hacking Could Be Deceptive Under 10(b)

An individual who allegedly hacked into a corporate computer system and traded on adverse earnings information he obtained before its public release may have engaged in actionable deceptive conduct under Section 10(b). A 2nd Circuit panel reversed (SEC v. Dorozhko) a district court finding that the individual, while perhaps in violation of other state and federal law, had not violated Section 10(b) because he was a corporate outsider who violated no fiduciary duty.


The district court relied on two well-known Supreme Court cases, Chiarella v. U.S. and U.S. v. O'Hagan on insider trading, and the high court's decision in SEC v. Zandford involving the theft of client assets by a broker to conclude that a "breach of a fiduciary duty to disclose or abstain that coincides with a securities transaction" was an essential element of deceptive conduct.

The 2nd Circuit disagreed, as it concluded that none of the Supreme Court opinions relied upon by the District Court—much less the sum of all three opinions—establishes a fiduciary duty requirement as an element of every violation of Section 10(b). While the three decisions all stood for the proposition that nondisclosure in breach of a fiduciary duty satisfied the deceptive device or contrivance, the appeals panel concluded that none of these decisions required the element of a fiduciary relationship, as "what is sufficient is not always what is necessary."

The court stated that if the hacker impersonated a user to gain access, this conduct would be “deceptive” within the ordinary meaning of the word. The panel did not, however, resolve the issue of whether hacking in by avoiding or breaching security systems would also meet that definition. The court remanded the matter to the district court to determine whether the computer hacking in this case involved a fraudulent misrepresentation that was “deceptive” within the ordinary meaning of Section 10(b).


.